A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges. [...]

QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch. [...]

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe. [...]

The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in any number of Java applications. [...]

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. [...]

Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list. [...]

The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine. [...]

A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin. [...]

Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing. [...]

The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques. [...]

"We made a mistake," Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers. [...]

The security vendor's appliance suffers from an authentication-bypass issue. [...]

The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant. [...]

Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. [...]

London Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021. [...]

A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. [...]

A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’ [...]

~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up. [...]

Mustang Panda's already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant. [...]

Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look. [...]

Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest. [...]

Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials. [...]

Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials. [...]

A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January. [...]

The data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack. [...]